Specifications

Evaluating the Log Files
Log files often become very large, depending on the type of data recorded
and the duration of recording. Use the search mask of the Log File Analyzer
to restrict the extent of the data to analyze. Fill out the mask, then click
‘Show’ to display the data, filtered according to the search criteria, in
the lower part of the window. Use ‘First Page’, ‘Previous Page’,
‘Next Page’, and ‘Last Page’ to browse through the pages of the display.
The following fields determine the extent and the composition of the data
displayed:
Max Lines per Page: Maximum number of lines per display page.
Begin Date: Precisely defines the beginning date of the data to display.
End Date: Defines the end date.
Regular Expression: Search for keywords using a regular expression. For
example, if you are interested only in messages containing the string
“ICMP”, enter ICMP here.
The IP Filter Statistics
The IP Filter statistics for the firewall can be evaluated in three different
ways:
alldates: All data accumulated since the beginning of the recording date is
displayed graphically (see Figure 3.53 on the facing page).
lastweek: All data of the past week is displayed graphically.
today: All data for the current day is displayed graphically.
Click the statistics required in the left window. On the right-hand side, an
HTML page appears with the detailed evaluation.
General Summary: The general summary includes information about the
number of blocked packets, the average blocking rate per day, the number
of individually blocked packets, the number of hosts whose packets
were blocked, the entire volume of blocked packets, and their average
size.
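The search mask fields and the General Summary figures described above can be reproduced outside the GUI. The following is an added example, not code from the product: the log line format, the sample lines, and the names `search` and `summary` are assumptions made for illustration.

```python
import re
from datetime import date, datetime

# Constructed sample lines in an assumed format (not the product's real log format):
# "<date> <time> <action> <proto> <src> -> <dst> len=<bytes>"
SAMPLE_LOG = """\
2002-03-10 23:58:01 BLOCK TCP 192.0.2.10 -> 10.0.0.1 len=60
2002-03-11 08:15:42 BLOCK ICMP 192.0.2.10 -> 10.0.0.1 len=84
2002-03-11 08:15:43 PASS TCP 10.0.0.7 -> 198.51.100.4 len=52
2002-03-11 09:02:10 BLOCK ICMP 203.0.113.5 -> 10.0.0.1 len=84
2002-03-12 14:30:00 BLOCK UDP 203.0.113.5 -> 10.0.0.2 len=128
2002-03-13 01:00:00 BLOCK ICMP 198.51.100.9 -> 10.0.0.1 len=1500
""".splitlines()

LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d) \S+ (\w+) (\w+) (\S+) -> (\S+) len=(\d+)$")

def search(lines, begin, end, pattern, max_lines, page=1):
    """Apply Begin Date, End Date and Regular Expression, then return one page."""
    rx = re.compile(pattern)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        day = datetime.strptime(m.group(1), "%Y-%m-%d").date()
        if begin <= day <= end and rx.search(line):
            hits.append(line)
    start = (page - 1) * max_lines  # Max Lines per Page sets the page size
    return hits[start:start + max_lines]

def summary(lines):
    """Blocked-packet figures of the kind the General Summary lists."""
    rows = [m.groups() for m in map(LINE_RE.match, lines) if m and m.group(2) == "BLOCK"]
    total = sum(int(r[5]) for r in rows)
    days = {r[0] for r in rows}  # assumption: average over days that have blocked packets
    return {
        "blocked_packets": len(rows),
        "avg_blocked_per_day": len(rows) / len(days) if days else 0.0,
        "blocked_hosts": len({r[3] for r in rows}),
        "blocked_bytes": total,
        "avg_packet_size": total / len(rows) if rows else 0.0,
    }

if __name__ == "__main__":
    print(search(SAMPLE_LOG, date(2002, 3, 11), date(2002, 3, 12), r"ICMP", 1, page=2))
    print(summary(SAMPLE_LOG))
```

Note that a single large packet (the 1500-byte ICMP line) dominates the average size, which is why the summary reports volume and packet count separately.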